Add support for Debian

defaults/main.yaml

@@ -1,2 +1,4 @@
 ---
-cis_hide_proc: false
+cis_hide_proc: false
+
+cis_cron_service_name: crond

meta/main.yaml

@@ -3,7 +3,7 @@ allow_duplicates: false
 
 galaxy_info:
   role_name: cis
-  author: Andrew Williams
+  author: nikdoof
   description: Configures a RHEL systems to CIS specs
   license: MIT
 
@@ -13,6 +13,9 @@ galaxy_info:
     - name: RedHat
       versions:
         - 8
+    - name: Debian
+      versions:
+        - bookworm
 
   collections:
     - ansible.posix

tasks/aide.yaml

@@ -2,7 +2,7 @@
 - name: Install AIDE
   ansible.builtin.package:
     name: aide
-    state: installed
+    state: present
   notify: init aide
 - name: Install AIDE crontab
   ansible.builtin.copy:

tasks/auditd.yaml

@@ -1,4 +1,13 @@
 ---
+- name: Install auditd
+  ansible.builtin.package:
+    name: auditd
+    state: present
+- name: Start auditd
+  ansible.builtin.service:
+    name: auditd
+    state: started
+    enabled: true
 - name: Copy main CIS benchmark ruleset
   ansible.builtin.copy:
     src: auditd/cis-hardening.rules

tasks/cron.yaml

@@ -1,7 +1,7 @@
 ---
-- name: Enable crond
+- name: Enable cron
   ansible.builtin.service:
-    name: crond
+    name: "{{ cis_cron_service_name }}"
     state: started
     enabled: true
 - name: Set cron file security

tasks/main.yaml

@@ -1,4 +1,10 @@
 ---
+- name: CIS - Get OS specific vars
+  include_vars: "{{ item }}"
+  with_first_found:
+    - "os/{{ ansible_os_family }}/{{ ansible_distribution_major_version }}.yaml"
+    - "os/{{ ansible_os_family }}.yaml"
+
 - include_tasks: auditd.yaml
 - include_tasks: limits.yaml
 - include_tasks: proc.yaml

vars/os/Debian.yaml

@@ -0,0 +1,2 @@
+---
+cis_cron_service_name: cron

vars/os/RedHat.yaml

@@ -0,0 +1 @@
+---